[src/netbsd-1-6]: src/dist/bind/bin/named Pull up revision 1.8 (requested by ...

[lukem <lukem%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/2133096ffff0
branches:  netbsd-1-6
changeset: 529354:2133096ffff0
user:      lukem <lukem%NetBSD.org@localhost>
date:      Fri Nov 15 00:48:43 2002 +0000

description:
Pull up revision 1.8 (requested by itojun in ticket #989):
apply http://www.isc.org/products/BIND/patches/bind833.diff to fix recent
vulnerabilities:
* BIND: Remote Execution of Code (BIND 4 & 8)
* BIND: Multiple Denial of Service (BIND 8 only)

diffstat:

 dist/bind/bin/named/ns_resp.c |  18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diffs (47 lines):

diff -r 00bfe397980c -r 2133096ffff0 dist/bind/bin/named/ns_resp.c
--- a/dist/bind/bin/named/ns_resp.c     Fri Nov 15 00:48:29 2002 +0000
+++ b/dist/bind/bin/named/ns_resp.c     Fri Nov 15 00:48:43 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ns_resp.c,v 1.5.2.1 2002/06/28 11:34:48 lukem Exp $    */
+/*     $NetBSD: ns_resp.c,v 1.5.2.2 2002/11/15 00:48:43 lukem Exp $    */
 
 #if !defined(lint) && !defined(SABER)
 static const char sccsid[] = "@(#)ns_resp.c    4.65 (Berkeley) 3/3/91";
@@ -2003,7 +2003,7 @@
                 * to BOUNDS_CHECK() here.
                 */
                cp1 += (n = strlen((char *)cp1) + 1);
-               n1 = sizeof(data) - n;
+               n1 = sizeof(data) - n - INT16SZ;
                n = dn_expand(msg, eom, cp, (char *)cp1, n1);
                if (n < 0) {
                        hp->rcode = FORMERR;
@@ -2045,8 +2045,18 @@
                        ttl = origTTL;
                }
 
+               /*
+                * Check that expire and signature times are internally
+                * consistant.
+                */
+               if (!SEQ_GT(exptime, signtime) && exptime != signtime) {
+                       ns_debug(ns_log_default, 3,
+                       "ignoring SIG: signature expires before it was signed");
+                       return ((cp - rrp) + dlen);
+               }
+
                /* Don't let bogus signers "sign" in the future.  */
-               if (signtime > now) {
+               if (SEQ_GT(signtime, now)) {
                        ns_debug(ns_log_default, 3,
                          "ignoring SIG: signature date %s is in the future",
                                 p_secstodate (signtime));
@@ -2054,7 +2064,7 @@
                }
                
                /* Ignore received SIG RR's that are already expired.  */
-               if (exptime <= now) {
+               if (SEQ_GT(now, exptime)) {
                        ns_debug(ns_log_default, 3,
                                "ignoring SIG: expiration %s is in the past",
                                 p_secstodate (exptime));